[wp-trac] [WordPress Trac] #36317: Introduce a cookie prefix default constant
WordPress Trac
noreply at wordpress.org
Thu Mar 24 01:41:59 UTC 2016
#36317: Introduce a cookie prefix default constant
------------------------------------+-----------------------------
 Reporter:  johnjamesjacoby         |      Owner:
     Type:  enhancement             |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:
 Severity:  normal                  |   Keywords:  2nd-opinion
  Focuses:                          |
------------------------------------+-----------------------------
Right now, all of WordPress's cookies are prefixed with the same
`wordpress` namespace. A problem arises with `advanced-cache.php` caching
solutions that load before `default-constants.php` is included, where the
cookie prefix cannot be guessed.
The current workaround is to stab at each cookie individually:
{{{
// Auth cookie
if ( defined( 'AUTH_COOKIE' ) && ( $this->cookie === AUTH_COOKIE ) ) {
	return true;
}
// User cookie
if ( defined( 'USER_COOKIE' ) && ( $this->cookie === USER_COOKIE ) ) {
	return true;
}
// Logged-in cookie
if ( defined( 'LOGGED_IN_COOKIE' ) && ( $this->cookie === LOGGED_IN_COOKIE ) ) {
	return true;
}
}}}
And to special case the test cookie, like:
{{{
// Generic 'wordpress' cookies (that are not test cookies)
if ( ( substr( $this->cookie, 0, 9 ) === 'wordpress' ) && ( $this->cookie !== 'wordpress_test_cookie' ) ) {
	return true;
}
}}}
But without a known and trusted cookie prefix, it's still an unpredictable
environment.
-----
I'd like to re-propose an 8-year-old issue (#6413) to introduce a new
default constant to define a cookie prefix. This could turn the above
snippet into something at least slightly more sane, like:
{{{
// Generic 'wordpress' cookies (that are not test cookies)
if ( defined( 'COOKIEPREFIX' ) ) {
	$len = strlen( COOKIEPREFIX );
	// Prefix matches and 'test_cookie' does not appear after the prefix
	if ( ( substr( $this->cookie, 0, $len ) === COOKIEPREFIX ) && ( false === strpos( $this->cookie, 'test_cookie', $len ) ) ) {
		return true;
	}
}
}}}
A `COOKIEPREFIX` constant would also allow plugins an easy way to drop
themselves inside of WordPress's cookie namespace, which will help them
play more nicely in environments where WordPress is not the only
application within the domain.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36317>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
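
An added example, not part of the original ticket and not WordPress core code: one way an `advanced-cache.php` drop-in could use the proposed prefix to decide whether a request carries application cookies and must bypass the page cache. `COOKIEPREFIX` is the constant this ticket proposes; the function name, the fail-closed handling of an empty prefix, the exact test-cookie name and the sample cookie jars are assumptions.

```php
<?php
// Added example. COOKIEPREFIX is the constant proposed in this ticket,
// not an existing WordPress constant.

/**
 * Hypothetical helper: return true when the request carries a cookie in the
 * application's namespace (other than the test cookie), meaning the response
 * may be user-specific and must not be served from or stored in the page cache.
 */
function example_request_bypasses_cache( array $cookies, $prefix = null ) {
	if ( null === $prefix ) {
		// Fall back to the hard-coded namespace the ticket describes.
		$prefix = defined( 'COOKIEPREFIX' ) ? COOKIEPREFIX : 'wordpress';
	}
	if ( ! is_string( $prefix ) || '' === $prefix ) {
		// An empty prefix would match every cookie name. Fail closed:
		// skip the cache rather than guess.
		return true;
	}
	$len = strlen( $prefix );
	foreach ( array_keys( $cookies ) as $name ) {
		$name = (string) $name; // numeric cookie names arrive as int keys
		if ( 0 !== strncmp( $name, $prefix, $len ) ) {
			continue; // outside the namespace
		}
		// Assumption: the test cookie is named "<prefix>_test_cookie".
		// It is set for anonymous visitors, so it must not disable caching.
		if ( $name === $prefix . '_test_cookie' ) {
			continue;
		}
		return true;
	}
	return false;
}

// Constructed sample cookie jars (names and values are illustrative).
$anonymous = array( 'wordpress_test_cookie' => 'WP Cookie check', '_ga' => 'GA1.2.1' );
$logged_in = array( 'wordpress_logged_in_0123abcd' => 'constructed-value' );
// A bare prefix comparison also covers another application's cookie whose
// name merely starts with the same string; erring towards bypass is safe.
$other_app = array( 'wordpressbackup_session' => 'constructed-value' );

foreach ( array( 'anonymous' => $anonymous, 'logged_in' => $logged_in, 'other_app' => $other_app ) as $label => $jar ) {
	echo $label, ': ', example_request_bypasses_cache( $jar ) ? 'bypass cache' : 'cacheable', "\n";
}
```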